On the (in)security of Some Smart-Card-Based Password Authentication Schemes for WSN

In this paper, the authors investigate a temporal-credential-based password authentication scheme introduced by Xue et al. in 2012. This protocol only involves hash and XOR operations and thus is suitable for the resource-constrained WSN environments where an external user wants to obtain real-time data from the sensor nodes inside WSN. However, notwithstanding their security arguments, they point out that Xue et al.'s protocol is still vulnerable to smart card security breach attack and privileged insider attack, and fails to provide identity protection. The proposed cryptanalysis discourages any practical use of the scheme under investigation and reveals some subtleties and challenges in designing this type of schemes.